Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
No longer able to download package after update to 2025.21
-
Hi,
We updates to Proget 2025.21 and a build started failing with this message.
npm error 400 Bad Request - GET https://packages.vicrea.nl/npm/VicreaNpmJs/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz - Package is known to contain malicious code.Which is great but it seems all versions of eslint-config-prettier are now blocked although not all are versions actually malicious
https://nvd.nist.gov/vuln/detail/CVE-2025-54313Is this by design or am i missing something?
-
Hi @v-makkenze_6348 ,
This is a regression introduced from ProGet 2025.20's changes to malicious package handling. It's not intentional, and only the specific versions should be blocked (8.10.1, 9.1.1, 10.1.6, 10.1.7)
We'll get it fixed via PG-3227 in the next maintenance release (scheduled for this Friday, but we may do a pre-release sooner). For now your best bet is to rollback to ProGet 2025.19.
Thanks,
Steve
-
Thanks for the confirmition we downgraded to 2025.19
-
Hi,
My instance says that build 22 is available but Inedo Hub only shows build 21.
Am I too early is something missing?Kind regards,
Valentijn
-
Hi @Valentijn,
We had a hiccup in one of our edge nodes that was preventing this version from showing up. If you check now, it should be available.
Thanks,
Rich
